Confused - Sort Of - VPN/Port Forwarding

[TL1096r]

As catcamstar alluded to, most, if not all routers brands have been or can be exploited. Where he and I seem to differ is on how a company learns about and deals with found code bugs and exploits. I have no interest in and don't sell them, but Netgear has been exemplary in setting up a bug bounty program and in squashing bugs and exploits in record time once discovered.

Router Brands to stay away from in my opinion:
DLink, Asus & TPlink (nothing wrong with these companies' switches, etc)

Decent router brands to date:
Netgear, Ubiquiti, Cisco

I see where you are coming from and it was a big misstep for asus, I still bought my router due to easy openvpn setup in July. I enabled this:
Malicious Website Blocking
Vulnerability Protection
Infected Device Prevention and Blocking

Then I saw all traffic is sent to trendmicro... So that seems like a big privacy concern and not sure how that is allowed. I disabled it. What do you suggest in terms of disabling or enabling that service?

They seem to update their signature/firmware a lot.

As there been any issues lately with asus?

I think dlink is the worse.

 

[Holbs]

Also... mentioned was Dlink, Asus, and TPlink. What about Netgear? Especially the Netgear Nighthawks (though I think these routers were more "online gaming" designed).

 

[gokiwi]

So as per original post - All working - Android Phone/Linux Laptop/Windows Laptop (remote not on local lan) - So a huge and I mean huge thank you to all concerned - it is appreciated.

And now to this storm I seem to have created - been thinking about it over the past couple of days.

The average "home user" just doesn't care about security all they are interested in is surfing the web, its irrelevant to them, then there are a few folks who are more tech savvie/home business/small business and want to do more than just surf the web and thats where the problem starts you rely on the honesty and integrity of the vendor and or pricing point. I looked at a ton of reviews for xdsl routers before I bought my ASUS not one review mentioned dodgy security and even today they still number consistently in the top 10.
Without being stupid name an xdsl router that the somewhat tech savvie person can use that meets all current security standards

 

[Hammerhead786]

So as per original post - All working - Android Phone/Linux Laptop/Windows Laptop (remote not on local lan) - So a huge and I mean huge thank you to all concerned - it is appreciated.

And now to this storm I seem to have created - been thinking about it over the past couple of days.

The average "home user" just doesn't care about security all they are interested in is surfing the web, its irrelevant to them, then there are a few folks who are more tech savvie/home business/small business and want to do more than just surf the web and thats where the problem starts you rely on the honesty and integrity of the vendor and or pricing point. I looked at a ton of reviews for xdsl routers before I bought my ASUS not one review mentioned dodgy security and even today they still number consistently in the top 10.
Without being stupid name an xdsl router that the somewhat tech savvie person can use that meets all current security standards

Glad you got it all sorted. I see no storm that you created, however, I do see a thread that was hijacked.

 

[The Automation Guy]

Glad to see another person successfully using VPN to access their home network. That alone makes them more secure than about 90% of the people out there.

As far as router security, I think one of the biggest issues is that the average person installs their router and NEVER looks at it again. They never install firmware updates or think about security once the initial installation is done.

As far as router recommendations, I would agree that using a well known and respected third party firmware is almost a "must have" at this point. Something like DD-WRT or Merlin at the very least. But honestly the best solution is to look at something like Ubiquity or pfSense or some other actively supported router solution. Building your own pfSense router is inexpensive and a robust solution. In fact it is arguably cheaper than buying a high end router (although you will still need to address the need for a wireless access point, so the cost comparison isn't exactly apples to apples). I'm running my pfsense router on an HP thin client (T620 plus) that I picked up used for about $120. Adding another network card was about $30, so I have $150 total in my build.

Of course this whole topic is like pandora's box or an onion that you start pealing. It can get deep very quickly! But these are great questions to ask and conversations we should be having.

 

[Hammerhead786]

Glad to see another person successfully using VPN to access their home network. That alone makes them more secure than about 90% of the people out there.

As far as router security, I think one of the biggest issues is that the average person installs their router and NEVER looks at it again. They never install firmware updates or think about security once the initial installation is done.

As far as router recommendations, I would agree that using a well known and respected third party firmware is almost a "must have" at this point. Something like DD-WRT or Merlin at the very least. <snip>

Of course this whole topic is like pandora's box or an onion that you start pealing. It can get deep very quickly! But these are great questions to ask and conversations we should be having.

Completely agree, but these conversations should take place in an appropriate thread.

 

[VorlonFrog]

For the benefit of readers whose router doesn't provide VPN features: OpenVPN for the RaspberryPi

 

[mikeynags]

I will advise you to install another VPN. I researched article for you about Best VPN for Laptop – Laptop VPN | Webguidevpn

They are looking to host a VPN on their own network to access cameras, NVR's, etc. not looking for Internet privacy by connecting to a 3rd party VPN.

 

[looney2ns]

I will advise you to install another VPN. I researched article for you about Best VPN for Laptop – Laptop VPN | Webguidevpn

Wrong type of VPN for this purpose.

 

[toastie]

The OP mentioned port forwarding with a VPN. Instructions on GitHub about running openvpn on a raspberry pi have this, "You will need to have your router forward UDP port 1194 (or whatever custom port you may have chose in the installer)".

Incidentally, I have an Asus router on DDWRT but it runs openvpn client. My main router doesn't have openvpn so if I need to, I'll set up an RPi as an openvpn server again, this time for access to my BI PC when I'm away from home. Perhaps I'll use Stunnel though I'll have to do some homework first.

 

[gokiwi]

Well its taken a bit of time but I think I have got almost everything working in a safe and secure manner - but could probably be improved
So my setup is now
Cisco 877 series xdsl router only for isp connection
Cisco 892 connected to 877 this is running nat (my internal network is now all 10. addressing
The 892 is also running my VPN
BI pc has dual nics and I am using multiple vlans so all good there too

Looks a bit mad scientist but it works and I'm hoping is more secure than before.

Next step is a firewall and removal of one of the 800 series